APPEAL BRIEF UNDER 37 C.F.R. 41.37

Mail Stop Appeal Briefs - Patents
Commissioner for Patents
P.O. Box 1450
Alexandria, Virginia 22313-1450

Sir:

This Brief is submitted in support of the Appeal of the Examiner's final rejection of
Claims 1-12 in the above-identified application. A Notice of Appeal was filed in this case on
February 24, 2006 and received in the United States Patent and Trademark Office on February
24, 2006. Please charge the fee of $500.00 due under 37 C.F.R. § 1.17(c) for filing the brief, as
well as any additional required fees, to IBM CORPORATION DEPOSIT ACCOUNT No. 09-0447.

REAL PARTY IN INTEREST
The real party in interest in the present Application is International Business Machines
Corporation, the Assignee of the present application as evidenced by the Assignment set forth at
reel 012576, frame 0214.

RELATED APPEALS AND INTERFERENCES
There are no other appeals or interferences known to Appellants, the Appellants' legal 
representative, or assignee, which directly affect or would be directly affected by or have a 
bearing on the Board's decision in the pending appeal. 

STATUS OF CLAIMS
Claims 1-12 stand finally rejected by the Examiner as noted in the Final Office Action
dated December 9, 2005. The rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, first and
second paragraphs; and the rejection of Claims 1-12 under 35 U.S.C. § 103(a) are appealed. 

STATUS OF AMENDMENTS 
No amendments to the claims have been made subsequent to the December 9, 2005 Final
Office Action from which this Appeal is filed. 

SUMMARY OF THE CLAIMED SUBJECT MATTER

As recited by Appellants' independent Claim 1, Appellants' invention provides a method
for establishing a secure connection to a server for a specific user of a client computer on a
network utilizing a Secure Sockets Layer (SSL) system. The method comprises the following
steps:

(1) storing a plurality of keyfiles for different users in a data storage that is accessible
only to a client computer, each of said keyfiles comprising a unique private cryptology key, a
corresponding public cryptology key, and a name of a Certificate Authority (CA) that issued the
unique private cryptology key and the corresponding public cryptology key for a specific user;

(2) storing a plurality of passwords in said data storage, each of said passwords being
associated with a respective keyfile, each of said passwords being capable of opening only one of
said keyfiles;

(3) in response to receiving one of said passwords input from the specific user,
opening said one of said keyfiles associated with said one of said passwords and said specific
user; and

(4) transmitting from said client computer to a server a digital certificate from said
open keyfile to enable said server to authenticate an identity of said specific user from a plurality
of users who are authorized to use said client computer, wherein a secure connection is
established with the server for the specific user.

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

A. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, first paragraph, is
to be reviewed on Appeal.

B. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, second paragraph,
is to be reviewed on Appeal.

C. The Examiner's rejection of Claims 1, 2, 4-6, 8-10 and 12 as being unpatentable under 35
USC 103(a) over Wrench Jr. (U.S. Patent Application Publication No. 2002/0104025 -
"Wrench") in view of Sasaki, et al. (U.S. Patent No. 6,378,071 - "Sasaki") and
Schneier's publication "Applied Cryptography" (Schneier); and Claims 3, 7 and 11 under
35 USC 103(a) over Wrench in view of Sasaki and Schneier and Norris, et al. (U.S.
Patent Application Publication No. 2002/0095568 - "Norris"), is to be reviewed on
Appeal.

ARGUMENTS

A. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, first paragraph.

The Examiner's rejection of Claims 1, 5 and 9 is improper since the phrases "data
storage that is accessible only to a client computer" and "opening only one of said
keyfiles" are supported by the specification.

The Examiner has rejected Claims 1, 5 and 9, stating that the limitation "storing a
plurality of keyfiles for different users in a data storage that is accessible only to a client
computer" is not supported by the specification. However, this feature is supported, inter alia,
on page 12, lines 21-26, of the present specification, which discusses protecting access to
keyfiles. Specifically, the specification states that a user must enter a password to access the data
storage via a GUI on "display 32 using GUI application 40, shown in Figures 3 and 4,
respectively, for the user's password 22 that will unlock that user's keyfile 24 containing the
user's digital certificate and private key found in authentication data 42 as described in Figure
4." Thus, since only a local input to the client computer will be afforded access to the keyfiles,
then the data storage is accessible only to the client computer.

The Examiner has also rejected Claims 1, 5 and 9, stating that the limitation "each of said
passwords being capable of opening only one of said keyfiles" is not supported by the
specification. However, this feature is supported, inter alia, on page 12 line 8, in which "Each of
the multiple users has a unique keyfile 24." As stated on page 10, lines 10-12, the user
identified by user identifier 15a ("User ID 1") enters password 22a ("Password1") to open
keyfile 24a ("Keyfile 1"). Thus each of the passwords is "capable of opening only one of said
keyfiles," such that "in response to receiving one of said passwords input from the specific user,
opening said one of said keyfiles associated with said one of said passwords and said specific
user."

Thus, this rejection is not well founded and should be reversed. 

B. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, second paragraph.

The Examiner's rejection of Claims 1, 5 and 9 is improper since the phrase "the
specific user" has support in the preambles of the claims.

The Examiner has rejected Claims 1, 5 and 9 for lack of antecedent basis of the term "the
specific user." However, the term "a specific user," to which the term "the specific user" refers,
is found in the preamble of the claim, and thus has sufficient antecedent basis. (MPEP
706.03(d))

Thus, this rejection is not well founded and should be reversed.

C. The Examiner's rejection of Claims 1, 2, 4-6, 8-10 and 12 as being unpatentable under 35
USC 103(a) over Wrench Jr. (U.S. Patent Application Publication No. 2002/0104025 -
"Wrench") in view of Sasaki, et al. (U.S. Patent No. 6,378,071 - "Sasaki") and
Schneier's publication "Applied Cryptography" (Schneier); and Claims 3, 7 and 11 under
35 USC 103(a) over Wrench in view of Sasaki and Schneier and Norris, et al. (U.S.
Patent Application Publication No. 2002/0095568 - "Norris").

The Examiner's rejection of Claims 1-12 is improper since the cited prior art does 
not teach or suggest all of the limitations of the claims. 

With reference to exemplary Claim 1, the cited art does not teach or suggest the 
limitation of "storing a plurality of keyfiles for different users in a data storage that is accessible 
only to a client computer." Sasaki teaches in Figure 3, and col. 5, lines 40-45, that the CPU in
the client computer is to "determine whether the input user ID and password accords with a
registered user ID and password." However, there is no teaching or suggestion of the limitation
that the data storage is accessible only to the client computer. Rather, in Sasaki the data storage
may be accessible through any client computer, as long as the user knows the correct user ID and
password.

Furthermore, the cited art does not teach the limitations of "storing a plurality of keyfiles
for different users" and "in response to receiving one of said passwords input from the specific
user, opening said one of said keyfiles associated with said one of said passwords and said
specific user" (i.e., each of the keyfiles are password protected for a specific user). This feature
is supported, inter alia, by Figure 4 and the related text. While Wrench teaches that a private key
may be password protected (paragraph [0028]), there is no suggestion of storing a different
keyfile for each of a plurality of different users. Similarly, while Sasaki teaches that a password
and ID checker (user authentication unit 2) may check to see if a password and ID are correct for
opening a file, there is no suggestion of multiple "users" having different "keyfiles." Thus, this
feature is not taught or suggested by the cited art.

As the cited art does not teach or suggest all of the limitations of the presently claimed 
invention, this rejection is not well founded and should be reversed.

CONCLUSION

Appellants have pointed out with specificity the manifest error in the Examiner's
rejections, and the claim language which renders the invention patentable over the various
combinations of references. Appellants, therefore, respectfully request that this case be 
remanded to the Examiner with instructions to issue a Notice of Allowance for all pending 
claims. 



Respectfully submitted,

James B. Boice
Reg. No. 44,545
DILLON & YUDELL LLP
8911 N. Capital of Texas Highway
Suite 2110
Austin, Texas 78759
512-343-6116

CLAIMS APPENDIX

1. A method for establishing a secure connection to a server for a specific user of a client
computer on a network utilizing a Secure Sockets Layer (SSL) system, said method comprising:

storing a plurality of keyfiles for different users in a data storage that is accessible only to
a client computer, each of said keyfiles comprising a unique private cryptology key, a
corresponding public cryptology key, and a name of a Certificate Authority (CA) that issued the
unique private cryptology key and the corresponding public cryptology key for a specific user;

storing a plurality of passwords in said data storage, each of said passwords being 
associated with a respective keyfile, each of said passwords being capable of opening only one of 
said keyfiles; 

in response to receiving one of said passwords input from the specific user, opening said
one of said keyfiles associated with said one of said passwords and said specific user; and

transmitting from said client computer to a server a digital certificate from said open
keyfile to enable said server to authenticate an identity of said specific user from a plurality of
users who are authorized to use said client computer, wherein a secure connection is established
with the server for the specific user.

2. The method of claim 1, further comprising:

storing an authentication data for said specific user in said data storage, said
authentication data comprising a unique identifier that corresponds to a password for said
specific user; and 

identifying said specific user for opening a keyfile according to said unique identifier. 

3. The method of claim 1, further comprising: 

authenticating an identity of said specific user through a process of hashing, said process 
including the steps of: 

hashing a message into a hashed message using a hash function;

encrypting said hashed message into an encrypted hashed message using
said private cryptology key; and

transmitting said hash function, said message and said encrypted hashed
message to said server.

4. The method of claim 1, further comprising prompting said specific user for a password
through a Graphical User Interface (GUI) in a display associated with said client computer.

5. A client computer for establishing a secure connection to a server for a specific user of
the client computer on a network utilizing a Secure Sockets Layer (SSL) system, said client 
computer comprising: 

means for storing a plurality of keyfiles for different users in a data storage that is
accessible only to a client computer, each of said keyfiles comprising a unique private
cryptology key, a corresponding public cryptology key, and a name of a Certificate Authority
(CA) that issued the unique private cryptology key and the corresponding public cryptology key
for a specific user;

means for storing a plurality of passwords in said data storage, each of said passwords
being associated with a respective keyfile, each of said passwords being capable of opening only
one of said keyfiles;

means for, in response to receiving one of said passwords input from the specific user,
opening said one of said keyfiles associated with said one of said passwords and said specific
user; and

means for transmitting from said client computer to a server a digital certificate from said
open keyfile to enable said server to authenticate an identity of said specific user from a plurality
of users who are authorized to use said client computer, wherein a secure connection is
established with the server for the specific user.

6. The client computer of claim 5, further comprising:

means for storing an authentication data for said specific user in said data storage, said
authentication data comprising a unique identifier that corresponds to a password for said
specific user; and

means for identifying said specific user for opening a keyfile according to said unique
identifier.

7. The client computer of claim 5, further comprising: 

means for authenticating the identity of said specific user through a process of hashing,
said means for authenticating the identity of said specific user through said process of hashing
including:

means for hashing a message into a hashed message using a hash
function;

means for encrypting said hashed message into an encrypted hashed
message using said private cryptology key; and

means for transmitting said hash function, said message and said
encrypted hashed message to said server. 

8. The client computer of claim 5, further comprising means for prompting said specific 
user for a password through a Graphical User Interface (GUI) in a display associated with said 
client computer. 

9. A computer program product residing on a computer usable medium for establishing a
secure connection to a server for a specific user of a client computer on a network utilizing a
Secure Sockets Layer (SSL) system, said computer program product comprising:

program code means for storing a plurality of keyfiles for different users in a data storage
that is accessible only to a client computer, each of said keyfiles comprising a unique private
cryptology key, a corresponding public cryptology key, and a name of a Certificate Authority
(CA) that issued the unique private cryptology key and the corresponding public cryptology key
for a specific user; 

program code means for storing a plurality of passwords in said data storage, each of said 
passwords being associated with a respective keyfile, each of said passwords being capable of 
opening only one of said keyfiles; 



AUS92001097STJS1 - Appeal Brief - 10 - Serial No. 10/062,348 



program code means for, in response to receiving one of said passwords input from the 
specific user, opening said one of said keyfiles associated with said one of said passwords and
said specific user; and

program code means for transmitting from said client computer to a server a digital
certificate from said open keyfile to enable said server to authenticate an identity of said specific
user from a plurality of users who are authorized to use said client computer, wherein a secure
connection is established with the server for the specific user.

10. The computer program product of claim 9, further comprising:

program code means for storing an authentication data for said specific user in said data
storage, said authentication data comprising a unique identifier that corresponds to a password
for said specific user; and 

program code means for identifying said specific user for opening a keyfile according to 
said unique identifier. 

11. The computer program product of claim 9, further comprising:

program code means for authenticating the identity of the specific user through a process
of hashing, said program code means including:

program code means for hashing a message into a hashed message using a
hash function;

program code means for encrypting said hashed message into an encrypted
hashed message using said private cryptology key; and

program code means for transmitting said hash function, said message and
said encrypted hashed message to said server.

12. The computer program product of claim 9, further comprising:

program code means for displaying a Graphical User Interface (GUI) in a display 
associated with said client computer; and 

program code means for prompting said specific user for a password through said GUI. 

EVIDENCE APPENDIX

Other than the Office Action(s) and reply(ies) already of record, no additional evidence
has been entered by Appellants or the Examiner in the above-identified application which is
relevant to this appeal.

RELATED PROCEEDINGS APPENDIX

There are no related proceedings as described by 37 C.F.R. §41.37(c)(1)(x) known to
Appellants, Appellants' legal representative, or assignee.